to: ausnog@ausnog.net
date: Thu, Apr 2, 2009 at 10:33 AM
subject: [AusNOG] Trojan spam run with Facebook hook (AUSCERT#2009abf45)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
G'day all,
We are seeing a decent trojan spam out using Facebook as the hook. The
emails all differ slightly but possess the same characteristics. Eg:
From: "Facebook presentment"
Subject: Facebook announcement: Great looking girl having fun (Last rated
by Bradford Collins)
Messages from Your Friends on Facebook, April 01, 2009
You have 1 friend requests - Personal Message:
Watch the video titled "Drunk Charlize is dancing striptease on my
Birthday Party, March 28, 2009! We're absolutely shocked!".
Proceed to view full message:
hxxp://facebook.shared.id-etsmrnhy5e.subject.876panel. com/home.htm?/identification/authentication=0616n9m12
Added 16 minutes ago. Message ID: FB-06nnzbrxizjrzvr
2009 Facebook community, Message Center.
Multiple domains are being used all following a naming scheme of
[3-5 digit number]panel.com
Eg:
2349panel. com
43553panel. com
654panel. com
876panel. com
987panel. com
Is anyone else seeing a decent run of this?
Just trying to work out how widespread it is as we are preparing to do an
alert on it.
Apologies if you see this across a few lists - looking for any feedback
on numbers on this (and it is all appreciated).
Best regards,
- -- Matthew McGlashan --
Coordination Centre Team Leader
世界有数のSNSであるFacebook上におけるトロイの木馬的SPAM発見の報告。
また、他の場所での目撃情報を募っています。
mixi上では「あしあとスパム」くらいしか聞かない気がしますね。
0 件のコメント:
コメントを投稿